CVE-2017-17135

Name of the Vulnerable Software and Affected Versions Huawei DP300 versions V500R002C00 Huawei IPS Module versions V500R001C00 through V500R001C30 Huawei NGFW Module versions V500R001C00 through V500R002C00 Huawei NIP6300 versions V500R001C00 through V500R001C30 Huawei NIP6600 versions V500R001C00 through V500R001C30 Huawei RP200 versions V500R002C00 through V600R006C00 Huawei S12700 versions V200R007C00 through V200R010C00 Huawei S1700 versions V200R006C10 through V200R010C00 Huawei S2700 versions V200R006C10 through V200R010C00 Huawei S5700 versions V200R006C00 through V200R010C00 Huawei S6700 versions V200R008C00 through V200R010C00 Huawei S7700 versions V200R007C00 through V200R010C00 Huawei S9700 versions V200R007C00 through V200R010C00 Huawei Secospace USG6300 versions V500R001C00 through V500R001C30 Huawei Secospace USG6500 versions V500R001C00 through V500R001C30 Huawei Secospace USG6600 versions V500R001C00 through V500R001C30 Huawei TE30 versions V100R001C02 through V100R001C10 and V500R002C00 through V600R006C00 Huawei TE40 versions V500R002C00 through V600R006C00 Huawei TE50 versions V500R002C00 through V600R006C00 Huawei TE60 versions V100R001C01 through V100R001C10 and V500R002C00 through V600R006C00 Huawei TP3106 version V100R002C00 Huawei TP3206 versions V100R002C00 through V100R002C10 Huawei USG9500 versions V500R001C00 through V500R001C30 Huawei ViewPoint 9030 versions V100R011C02 through V100R011C03

Description The PEM module of Huawei products has a null pointer reference vulnerability due to insufficient verification. An authenticated local attacker can call the PEM decoder with a special parameter which could cause a denial of service.

Recommendations For Huawei DP300 version V500R002C00, update to a version that fixes the null pointer reference vulnerability. For Huawei IPS Module versions V500R001C00 through V500R001C30, update to a version that fixes the null pointer reference vulnerability. For Huawei NGFW Module versions V500R001C00 through V500R002C00, update to a version that fixes the null pointer reference vulnerability. For Huawei NIP6300 versions V500R001C00 through V500R001C30, update to a version that fixes the null pointer reference vulnerability. For Huawei NIP6600 versions V500R001C00 through V500R001C30, update to a version that fixes the null pointer reference vulnerability. For Huawei RP200 versions V500R002C00 through V600R006C00, update to a version that fixes the null pointer reference vulnerability. For Huawei S12700 versions V200R007C00 through V200R010C00, update to a version that fixes the null pointer reference vulnerability. For Huawei S1700 versions V200R006C10 through V200R010C00, update to a version that fixes the null pointer reference vulnerability. For Huawei S2700 versions V200R006C10 through V200R010C00, update to a version that fixes the null pointer reference vulnerability. For Huawei S5700 versions V200R006C00 through V200R010C00, update to a version that fixes the null pointer reference vulnerability. For Huawei S6700 versions V200R008C00 through V200R010C00, update to a version that fixes the null pointer reference vulnerability. For Huawei S7700 versions V200R007C00 through V200R010C00, update to a version that fixes the null pointer reference vulnerability. For Huawei S9700 versions V200R007C00 through V200R010C00, update to a version that fixes the null pointer reference vulnerability. For Huawei Secospace USG6300 versions V500R001C00 through V500R001C30, update to a version that fixes the null pointer reference vulnerability. For Huawei Secospace USG6500 versions V500R001C00 through V500R001C30, update to a version that fixes the null pointer reference vulnerability. For Huawei Secospace USG6600 versions V500R001C00 through V500R001C30, update to a version that fixes the null pointer reference vulnerability. For Huawei TE30 versions V100R001C02 through V100R001C10 and V500R002C00 through V600R006C00, update to a version that fixes the null pointer reference vulnerability. For Huawei TE40 versions V500R002C00 through V600R006C00, update to a version that fixes the null pointer reference vulnerability. For Huawei TE50 versions V500R002C00 through V600R006C00, update to a version that fixes the null pointer reference vulnerability. For Huawei TE60 versions V100R001C01 through V100R001C10 and V500R002C00 through V600R006C00, update to a version that fixes the null pointer reference vulnerability. For Huawei TP3106 version V100R002C00, update to a version that fixes the null pointer reference vulnerability. For Huawei TP3206 versions V100R002C00 through V100R002C10, update to a version that fixes the null pointer reference vulnerability. For Huawei USG9500 versions V500R001C00 through V500R001C30, update to a version that fixes the null pointer reference vulnerability. For Huawei ViewPoint 9030 versions V100R011C02 through V100R011C03, update to a version that fixes the null pointer reference vulnerability. As a temporary workaround, consider disabling the PEM decoder until a patch is available.